package com.store.secutity.lt;

import com.store.entity.User;
import com.store.service.lt.UserService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.List;
import java.util.Set;

public class MyShiroRealm extends AuthorizingRealm {
    private static org.slf4j.Logger logger = LoggerFactory.getLogger(MyShiroRealm.class);

    @Autowired
    private UserService userService;

    /**
     * 认证信息.(身份验证) : Authentication 是用来验证用户身份
     *
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException {
        logger.info("---------------- 执行 Shiro 凭证认证 ----------------------");
        String principal = (String) authcToken.getPrincipal();
        String credentials = new String((char[]) authcToken.getCredentials());//密码
        User user = userService.queryUserByUsername(principal);

        /*// 将传进来的密码进行加密，加密方式
        Object newPwd = new SimpleHash("SHA1", credentials, user.getSalt(), 256);
        String newPwdS = newPwd.toString();
        */
        if (user != null) {
            // 用户为禁用状态
            if (!"1".equals(user.getStatus())) {
                throw new DisabledAccountException();
            }
            ByteSource salt = ByteSource.Util.bytes(user.getSalt());

            /*System.out.println(salt);*/
            SimpleAuthenticationInfo sai = new SimpleAuthenticationInfo(
                    user,
                    user.getPassword(),
                    salt,
                    getName());
            logger.info("---------------- 执行 Shiro 凭证认证成功 ------------------");
            //System.out.println("sai.toString()"+sai.toString());
            return sai;
    }
        throw new UnknownAccountException();
    }


    /**
     * 授权
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        logger.info("---------------- 执行 Shiro 权限获取 ---------------------");
        Object principal = principals.getPrimaryPrincipal();
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        if (principal instanceof User) {
            User user = (User) principal;
            List<String> roles = userService.queryRolesNameByUser(user);
            info.addRoles(roles);
            Set<String> authority = userService.queryAuthority(user);
            //将权限告诉shiro
            info.addStringPermissions(authority);
        }
        logger.info("---- 获取到以下权限 ----");
        logger.info(info.getStringPermissions().toString());
        logger.info(info.getRoles().toString());
        logger.info("---------------- Shiro 权限获取成功 ----------------------");
        return info;
    }

}
